Re: Inter-squid authorization problems

From: Arjan de Vet <[email protected]>
Date: Thu, 13 Nov 1997 19:32:15 +0100 (CET)

In article <Pine.WNT.3.95.971113162752.-436679D-100000@supc281.rdg.ac.uk> you write:

>The problems start when I configure each to use the other as a neighbour
>and to treat the servers as a cluster. When an object could be supplied
>by the 'other' server the transaction nonetheless fails with the message
>'Proxy authorization failed. Retry?' displayed by the client browser. It
>would seem that the second server is requiring authorization as though the
>request were coming direct from the end user rather than a querying
>server. It makes no difference whether the two servers are siblings or
>whether one is defined as a parent of the other. There are no examples of
>the ignore-domain argument to the proxy_auth option in squid.conf but I
>assume that this is not intended to prevent the behaviour I am
>experiencing (which I assume is unintentional and unforeseen).

You should make sure that the proxy servers themselves can use each other
without authentication. Try something like this:

acl myneighbor src 1.2.3.4
acl customers src some-range
acl password proxy_auth "password file"

# neighbor cache gets access without password
http_access allow myneighbor
# all others should be from a customer IP address and present a valid
# password
http_access allow customers password
# deny the rest
http_access deny all

# similar for ICP
icp_access allow myneighbor
icp_acesss deny all

>Can anybody comment or offer any further insight into the problem, please?

Arjan
Received on Thu Nov 13 1997 - 11:01:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:37:31 MST